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DECODER AND SECURnTY MODULE FOR A DIGITAL TRANSMiSSlON SYSTEM 

The present Invention r^Jatcs to a decoder and security module for a c^igrtal fcransmtssion system and 
5 method of operating a decoder and security module, in parSoular for use in a digitaf television system. 

Conventional digital television broadcast systems transmit data in the form of discrete transport stream 
packets or transport packets, each packet being of a predetemiJned length and containing a header 
J ^ payload. The MPEG standard is the currently favoured standard in this domain and sets out. 
M|0 amongst other things, a predetermined format for such packets. 

The packet header comprises general descriptfve data regarding the packet, whilst the payloed 
comprises the data to be processed at the receiver. The packet header includes at least a packet ID 
or PID idenlilying the packet. The paj^oad of the packet may contain audio, video or other data such 
15 as application data or, in parHcular, conditional access system data. 

Conventionally, the incoming data stream is filtered by a receiver/decoder according io the PID of 
each packet Data requiring immediate processing such as audio or visual data Is communicated to 
arv appropriate processor in the form of what is conventionally known as a packetised elementary 
4k stream or PCS. This continuous flux of data, which is fonmed by assembling the payfoads of the 
transport packets, itself comprises a sequence of packets, each PES packet comprising a packet 
header and payload« 

Other data not requiring immediate processing may also be encapsulated within fte payloads of the 
25 transport packets. Unlike PES data, which is treated immediately by a processor to gwierate a real 
time output, this sort of data is typiceily processed in an asynchronous manner by the decoder 
processor. In this case, data Is formatted in a single table or a series of sections or tables, each 
including a header and a payload, the header of the section or table including a table ID or TID. 



In the case where the access to 3 transmission is to be restrfcted, for example, in a pay TV system, 
conditional access data may be included rn a table or section broadcast in the transport stream wHh 
the transmission* This conditional access data is filtered by the receiver/decoder and passed to a 
portable security module, such as smart card, inserted in the decoder. The data is then processed by 
5 the smart card in order to generate, for example, a control word subsequently used by the decoder to 
descramble a transmission. 

One problem with known systems lies in the volume Of data that will be received and proo»sed by the 
receiver/decoder end notably the volume of conditional access messages eventually fonrarded to the 
1 0 smart card or security module. In particular, the processing capabPities of a smart card processor ano 

iho aopooity of tho oommunieation rhoinn»l hatwPf^D thA fimmtiw nnd f^mart card may be iHSUfncient tO 

handle a given volume of messages* This problem is exacertjated by the increasing tendency for 
programmes to be transmitted with muftipJe conditional access messages cnabfing access by different 
operators to the same programme (e.g. a football match or a thematic television channel). 

15 

According to the present invention, there is provided a decoder for a digital transmission system 
adapted to receive a transport packet stream containing table, section or other packetised data 
encapsurated witfiin the packet paytoads and characterised In that the decoder comprises a means for 
filtering the encapsulated data configurable in response to filter data received from a portable security 
20 module. 

Filtering data at the table or section level fn response to information from the security module enables 
a more precise identification and selection of data to be carried out, for example, to extract relevant 
conditional access messages addressed to the module, in practice, and as will be described below, 
25 this filtering at the table or section level may be carried out after and in addition to a filtering carried out 
at the transport packet tevel, 

Preferablyi the means for filtering encapsulated data is configurable in response to filler data 
comprising at least a table ID or section ID value transmitted by the portable security module. The 



tor ««eHn, ..cap«-W«. da., m=, e<n»«y M con^urabl. h. acconlano. wKh c*« <Wa 



means 

received frcm the portable $^rity module. 



.esecuH^n.od.econa.ona.accessda.o.ta.e..nacc«.a^^^ 



15 



the security moduie- 

. « •«= ««ri«iitertv adapted to enatrte a reduction of the volume of condittonal 
Whilst the present invention is partwuiany aaaptw w « 

eo.«l me«a,» <6CMs) and/or entmemen, managemen. m«=sag« (Smms). 
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generation 



of a numoer of EVIMs. not all of which may be relevant to a given user. 
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P«fe««,.H«^=r..me,d«ap«vid.d by^»cud^«du«o^pri«»d,..used byU>e«.er 
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security mo<lule. 

,„c„a.mbcd»«en..*.deco«r«,d^.»d„«c^e,oonW«ordgen«««by»-.»ur»y 
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the decoder to descramWe a scrambled transmission. 

,„„«on..m.*g««.-b,.or«c««,»-«.«.--d-™y..r«er carry .u.,.™n.port.«v.. 
30 order, ca^p... « on,y .He«. p,cKe» ^g da« as«c,a«d »«. «. 
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partrcular conditional acce$s system used by the security module. Preferably, tiierefore the decoder 
further comprises a means for filtering transport packet data configurable In response to data received 
from the security module, 

5 Advantageously, the means for filtering transport packet data may be configurable in response to data 
representing the identity of the conditional access system received from the security module. 

In one embodiment, the transport packet filtering means is ailapted to extract transport packets 
containing a program map table and a conditional access table, the decoder further comprising 
10 selection means adapted to receive the program map table and condi^nal access table from the 
transport packet filtering means and conditional access identity data from rhe security module and 
Q^ereafter configure the transport packet filterlrtg means to extract transport packet data associated 
wftti the oondiUonal access system in question. 

15 In order to preserve security in the system, some or all communications between the security module 
and the decoder may be encrypted. In pariicuiar. the descrambling control word generated by the 
security module and eventually transmitted to the decoder may be encrypted- 

The present inventcon has been descnbed above in relation to a decoder. Other aspects of the 
20 invention relate to a method of filtering encapsulated data in a transport packet stream and a security 
moduJe for use wtth a decoder or method of the present invention. Jn one embodiment, the security 
module may conveniently comprise a smart card. 

Whilst the present invention may apply to any packet transmission system comprising a transport 
25 stream layer and a table or section layer, the present invention Is particulariy applicable to a decoder 
adapted to receive an MPEG compatible data stream- 
in this regard, the term 'Hable. section or other packetised data" refers in its broadest sense to any 
data table, alone or in a sequence, and comprising a header and paytoad and that is itself 
30 encapsulated within a transport packet stream. As will be described in the preferred embodiment, the 
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, --^..M^ any transmission system for 
^ -digtel transmission system' includes any van 

^ used herein, the term d«te. tra ^.^tovisaal or muWrned'^ digital data. 
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and other system* 
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S reference to the foUo^ing figures, in ^wt^ich: 

architecture of a digital TV system according to this enibodlment; 
Figure 1 shows the overall architeciure of a y 

access messages; 

P,.e.st^tHest.c.reof.ongforr.an.sHor.for.MPBC.^ 

p..^re5sHowst^. events ofareceiver/decodertor^in this e.^^^^^ 

«f th« receiver/decoder used to process the transport stream, in 
Figure $ snows the elements of the recewer/oeccju 

particuier in relation to conditiooal access messages; and 

. K «f tte PID and section filters of the filter unit of Fig- 6. 
ngure 7 shows the structure of the PlD ano sew 
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.Eludes a mosmr . „=eMeoii.pte»a>r 3 In a broadcast centre recewK 



30 including tetecom links- 
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Tl« transmitter 8 ti^nsmils ded«>magnetic signals via uplink 8 towards a sateflte transponder 9. where 
they are eJectronically processed and broadcast via a ncfenal downlinK 1 0 to earth receiver 1 1 . 
conventionally « the form of a dish ««Anied or rented by the end user. The s'^ls received by receiver 1 1 
are transmitted to an integrated receiver/decoder 12 owned of rented by the end user and conneded to 
the end usei-s television set 13, The receiver/decoder 12 decodes the compressed MPEG-a sigrial into a 
television signal for the telewh*n sat 1 3. 

A conditional access system 20 is connected to the multiplexer 4 and the receiver/decoder 12. and is 
located partly in the broadcast centre and partly In the decoder. It enables the end user to access digiBi 
television t,roadcasts ftom one or more broadcast suppliers. A smartcard, capable of decrypting 
messages relafing to commensal offers (oiat is. one or several television programmes sold by the 
broadcast supplier), can be inserted into .ne receiv«.decoder 12. Using the decoder 12 and smartcard. 
the end user may purchase events In either a subscription mode or a pay-per-view mode. 

An interactive system 17. also connected to the muttiple)cer 4 and the receiverWecoder 12 and again 
located partly in the broadcast centre and partly in the decoder, may be provided to enable the end user 
to interact with various applications via a modemmed back channel 16. 

The conditional access system 20 wiU now be described in more detail. 



With reference to Figure 2. in oven,lew the conditional access system 20 includes a Subscriber 
Authorization System (SAS) 21 . The SAS 21 is connected to one or more Subscriber Management 
systems (SMS) 22. one Sive fer each broadcast suppfier. by a respectNe TCP-IP nnKage 23 (although 
25 othertypesoflinKagecould alternatively be used). A«ernatively, one SMS could be shared beN«een t«o 
broadcast suppliers, or one supplier could use two SMSs. and so on. 

Fii^t encrypting units in ihe torn, of ciphering units 24 utaising "mother" smartcante 25 are connected to 
the SAS by linkage 26. Second encypting units again in the form of ciphering units 27 uBfislng mother 
30 smartcards 28 are connected to the multiplexer 4 by finkage 29. The receiver/decoder 12 receives a 



"daughter^ smartcard 30. It is connected directly to the SAS 21 by Communications Servers 31 via the 
modemmed back channel 1 6. The SAS sends, among$t other things, subscription rights to the daughter 
smartcard on request 

5 The smartcards contain the secrets of one or more commercial operators. The 'Another" smartcard 

encrypts different kinds of messages and the "daughter smartcards decrypt the messages, if they have 
the nghts to do so. 

The first and second ciphering units 24 and 27 comprise a rack, an eloctronic VME card with software 
10 stored on an EEPROM. up to 20 dectronrc cards and one smartcard 2S and 28 respectively, for each 
dedrdnic card, one card 28 ftor enciypOng the ECMs and one card 25 for encrypting the EMMs. 

. The operation of the condition^ access system 20 of the digital teievi^on system wUI now be descrit>ed in 
more detaO wJth reference to the various components of the television system 2 and the conditional 
15 access system 20, 

Multiplexer and Scrambler 

wan reference to Figures 1 and 2. in the broadcast centre, the digital audio or video signal is ft^ 
20 compressed {or bit rate reduced), using the MPEG'2 compressor 3. This compressed signal Is then 

transmitted to the multiplexer and scrambler 4 via the linkage 6 in order to be multiplcxGd with other data, 
such as other compressed data. 

The scramble generates a control word used in the scramt>iing process and included in the MPEG-2 
25 stream in the multiplexer. The control word is generated internally and enables the end users Integrated 
receiver/decoder 12 to descramble the programme. 

Access cnteria, indicating how the programme ts oommerrialised. are also added to the MPEG-2 stream. 
The programme may be commerciateed in either one of a number of •Subscription'^ modes end/or one of 
30 a number of "Pay Per View" (PPV) modes or events. In the subscripfion modOi the end user subscribes 



bouquet of channel. 

^ .h* «nd user is prwided with the capability to purchase cvenis as he wishes. 
In the Pay Per View mode, the end user IS prevwo , . ^ 

i.-mode'T In the preferred embod1inent.a» users are 

event as swn viewers need not 

^bsoibers. Whether or nottheywatchlnsubscnpton or mode, butof 

necessarily be subscribers. 
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Fntitle-ment C "^trol Messages 

are used to buad an entWement Controt Message (ECIWI). 
Both^a^^^wordandtneaccesscnter^areusedto 

Thlsisa™-sagesent.n«^«onwi«iasc«n,bledprograrn.«.e.essagecon^ 

, J ii..,r.->«.crteia of me brOKlMSt program. The access 

^wo^d. 



Each service l 
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""^ * ^ -1 uiHeo comoonent an audio component, a 

c<„pc™„Kfa«.en,pleatele»-^p™9ren™e«id»dee,<-deocompon 

.„«..c«.pc«n.«.s.on.e,c.o,^»npc^='«---«-"**''^-=--»--^^^ 

prMs are also cenerated in the case where muitlpte condftionai 
components of a service. Multiple ECMs are also genera 

access systems contrd aoce^ to the same transmitted program. 
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Programme Trarisfnission 



The multiplexer 4 recces electrical signals comprising encrypted EMNte from the SAS 21 ^ enctypted 
ECMs from the second encrypting unit 27 and compressed programmes from the cofYpressor 3, The 
5 multiplexer 4 scrambles the programmes and sends the scrambled programmes, the encrypted EMMs 
and the encrypted ECMs to a transmrttcr 6 of the broacfcdSt centre via the linkage 7. The transmrtter 6 
transmits electromagnetEc signets tovv^s the satellcte transponder d via uplink 8. 



Programme Recepfion 



10 



The satenite transponder d receives and processes the electromegnetic signals transmitted by the 
transmitter 6 and transmits ttie senate on to the earth receiver 1 1 , conventionally in the form of a drsh 
owned or rented by the end user, via downlink 10. The signals received by receiver 11 arc transmitted to 
the integrated receiver/decoder 12 owned or rented by the end user and connected to the end user's 
1 5 television set 13. The receiver/decoder 12 demultiplexes the signals to obtain scrambled programmes 
With encrypted EMMs and encrypted ECMs. 

If the programme Is not scrambled, that is, no ECM has been trartsmitted vfilih the MPEG-2 stream, the 
receiver/decoder 12 decompresses the data and transforms the signal into a video signal for transmission 
20 to televisron set 13. 

If the programme Is scramoiedi the receiverydecoder 12 extracts the oDnresponding ECM from the MPEG- 
2 stream and passes the ECM to the "daughter" smartcancJ 30 of the end user. This slots Into a housing in 
the receiveridecooer 12. The daughter smartcard 30 conlrul;* whethei" the end user has tt^e right to 
25 decrypt the GCM and to access the programme. If not, a negative staU^s is passed to the 

receiver/decoder 12 to indicate that the programme cannot be descrarrd:>(ed. If the end user does have 
the rights, ttic ECM is decrypted and the control word extracted. The decoder 12 can then descramble 
the programme using this control word. The MPE6-2 stream is decompressed and translated ktto a video 
signal for onward tran^tssion to television 13. 



30 



S bandwKW access to 0«9™p can pemitthe r.ach«, ot a graa..«T-6« otend u«s. 

va*usspeca>c.yp«.o.EMMcan«^. i„*«u-EMNte«.<«ieaW»io*,»ua.««aalb«.=nd 

posfcn of the subscriber in that ureup. 

O^p i*sa,p«on EMM. «e 6edU:«e<. U.^a,. 2« in<«vidue, u»». »«. VPice«, u»id 
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group bitmap. 

1 5 Audtence EMMS a» d««ca.«i to entim audl«»~, «> n,»t6. example be us«i by . partoular 
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to the unique idenfifier of the smartcard. 

Subscriber Manageme nt Systftin (SMS) 

A Subscdber Mana^ Sy«am (SN«) 22 indodes a datab... 32 

Of theend usarfles. ccr««=a. offer. subscdpHons, PPV de.a»s.aod data «9erdin9 end user 

„,„«„,p«on and authorization. ■th.SMSm«,bcph)«cdlyn»notef™n,theS«:. 

e,*SMS22.^smtemas«a...o,heS*S2tviarespadi«linKa».23»hi*-«,p«,n»d«^ 
caailons of EnliUement Manasement Messages (EMMs) to oe transn«l«l to and users. 
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The SMS 22 ateo transmib me^sgge© to the SAS 21 which imply no mocfffications or creations of EMMs 
but imply only a change in an end user's state (relating to the authorization granted to the end user when 
ordering products or to the artiount that th6 end user wai be charged). 



S Tho SaS 21 ocndo mcoaogco (Vp»oUy requcating informqtion aueh eciQ-bGek information or bjlling 
information] to the SMS 22, so that ft will be apparent that communtcation betM/een the two Is twucMA/ay. 



Subscrftier Authorization Sygtem (SAS) 



10 The messages generated by the SMS 22 are passed via linkage 23 to the Subscriber Auttiorization 

S^^terri (SAS) 21 , whi^ in turn generates messages acknowledgrng receipt of the messages generated 
by the SMS 21 and passes these acknowledgements to the SMS 22. 



In overview the SAS comprises a Subscription Chain area to give rights for subscription mode and to 
1 5 renew the rights automatically each month, a Pay Per View Chain area to give rights tor PPV events, and 
an EMM Injector for passing EMMs created by the Suljscription and PPV chain areas to the multrpJexer 
and scrambler 4. and hence to feed the MPEG stream with EMMs. If other rights are to be granted, such 
as Pay Per Rfe (PPF) rights rn tne ca$e of downloading computer soTbMare to a users Personal 
Computer, other similar areas are also provided. 




One function of the SAS 21 is to manage the access rights to t^evision programmes, available as 
commercial offers in subscription mode or sold as PPV events according to different modes of 
commerQ'dBsafion (pre-book mode, impulse mode). The SAS 21 , accordine to those rights and to 
information received from the SMS 22, gen^^es EMMs for the subscriber. 

25 

The EMMs are passed to the Ciphering Unit (CU) 24 for ciphering respect to the management and 
e^tpfoitation keys. The CU completes the signature on the EMM and passes the EMM back to a Message 
Generator (MG) tn the SAS 21 , where a header is added. The EMMs are passed to a Message Emrtler 
<ME) as complete EMMs, The Message Generator determines the broadcast start and stop time and the 
SO rate of emission of the EMMs, and passes these as appropriate directions along with the EMMs to the 



Message Emftter. The MC5 only generates a given EMM once; it is the ME which perfomis cydic 
transmission of trve EMMs. 



On generation of an EMM, the MG assigns a unique idenlifiw to the EMM. VWien the MS passes the 
5 EMM to the ME. it srfso passes the EMM 10. This enables idenfificafon of a particuiar EMM at both the 
MG and Vne ME. 

In systems such as simulcrypt which are adapted to handle multiple conditional access systems e.g. 
associated with multipie operators. EMM streams associated with each cwditionai access system are 
10 generated separately and multiplexed together by the multiplexer 4 prior to transmission. 

Cnrtdrtktnal Access Message s in the Transport Streain 

The different nature of ECM and EMM messages leads to differences vis & vis the mode of 
16 transmission of the messages In the MPEG transport stream. ECM messages, which car^r the control 
words needed to descramble a programme are necessarily Knked to the video and audio streams of 
the programme being transmitted, tn contrast EMM messages are general messages broadcast 
asynchronously to transmit rights infomiatlon to individual or groups of customers. Thfe difference is 
reflected in the placing of ECM and EMM messages within the MPEG transport stream. 

AS is known, MPEG transport packets are of a fixed length of 1 88 bytes including a header. In a 
standard packet, the three bytes of the header following the synchronisation data comprise: 

TABLE t Transport error indicator 1 bit 

25 Payload unit indicator ^ bit 

Transport priority 1 bit 

PID 13 

Transport scrambling control 2 bits 

Adaptation field oontrol 2 bits 

30 Continuity counter * bits 



^..v:p^yr...J!r^.ms..J^j& : 8171 838 8881 
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The ch^ir^cteristics of the$e fields are largely determined by the MPECS sianddrc}. 

Referring to Figure 3, the organisation of data within a transport stream will be described. As shown. 
S the transport stream contains a programme assoeiatten table 40 fPAT)* the PID in the header of the 
packet being fixed by the MPEG'2 standard at a value of 0x00. The programme access table 40 
provides the entry point for access to programme data and contair^ a table referring to the PIO values 
of the programme map tables (VMD 41 , 42 associated with a number cf programmes* Each 
programme map table 4i , 42 contains in turn a reference to ttie PiD values of the paclcet streams of 
1 0 the audio tables 43 end video tables 44 of th^t programme. 

As shown, the programme map table 42 also contains references to the PID values of other packets 
45» 46 containing additional data relating to the programme in question* In the present case ECM data 
generated by a number of conditional access systems and associated wiO) the programme in question 
15 Is contained within the referred packets 45i 43. 

In addition to the programme access table PAT 40, the MPEG transport stream further comprises a 
conditionaJ access table 47 (yzAr)^ the PID value of which is fixed at 0x01 . Any packet headers 
containing this PIO value are thus automatically identified as containing access control information. 
20 The CAT table 47 refers to the PID values of MPEG packets 48, 49. 50 associated with EMM data 

associated with one or more conditiorral access systems. As with (he PMT packets, the PID values of 
the EMM packets referred to in the CAT table are not fixed and may be determined at the choice of 
the system operator. 

25 Private Section Data 

in conformity with the MPEG-2 standard, infomnation contained with a packet payload is subject to a 
further level of structure according to the type of data being transported. In the case of audio, visual, 
teletexts subtitle or other such rapidly evolving end synchronised data, ^e Information is assembled in 
30 the form of what is known as a packetised elementary stream or Pe5- This data stream, which is 



formed by assemWing the payloads of the frartsmitted packets, itsetf comprises a s^juence of 
packets, each packet comprising a packet header and payfoad. UnJrke the transmitted packets in the 
transport stream, the length of PES packets is variable. 

5 In the case of other data, such as application data or, m this example, ECM and EMM data, a different 
fonnal from PES packeting is piroscribed. In particular, data contained in the transport packet payload 
is divided into a ©cries of sections or tables, the table or section header including a table ID or TID 
idenu^rng the table in question. Depending on the size of ttie data, a section may be contained 
entirely within a packet payload or may be extended in a series of tables over a number of transport 

10 packets. In the MPEG-2 contesct the term "table- is often used to refer to a single table of data, whilst 

' "section" refers to one of a pTuralRy of tables with the same TlO value. 

As with transport packet data and PES packet data, the data structure of a table or section is 
additionally defined by me MPEG-2 standard. In particular, two possible syntax forms for private table 
1$ or section data are proposed; a long fonn or a short fomn. as illustrated Fn Figure 4. 

In both the short and long fomn, the header includes at least the data 60 comprising: 



TABLE 11 Table id 8 bits 

20 Section syntax Indicator 1 bit 

^ Private indicator/reserved 1 hit 

ISO reserved 2 bits 

Section length 12 bits 



25 The private indtoator and private sectton lengths are connprised of data not fixed by the MPE©-2 
standard and whi<*i may be used by the system operator for his own purposes. 
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In the case of short form, the header 60 is immediately followed by the payload data 61 . In the case of 
the long form- a further header section 62 is provWed before the payload 63 end the message e<tuatty 
includes a CRC check value 64. The long form, which is typically used when a message is so long 
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that It must be divided into a number of sections, contains the infofmation necessary to assemble the 
sections, such as the section number, the number of the fast section in the sequence of sections etc. 

For further information regarding the long and short form table data, the reader is directed to the 
S MPEG.2 standard. 



In the case of conditional access ECM and EMM messages, the data may usually be accomodated in 
a single table and the short form will be the appropriate fomtaL A specific syntax for such short Tbrm 
conditional access messages is proposed fn the contact of the present Invention, namely; 



10 



TABLe*in Table rd (filter data) 8bte (1 byte) 

Section syntax indicator 1 tjit 

Private indic?itor/reserved 1 bit 

ISO reserved 2 bits 

1 5 Section length 12 bits 

CA specific header field (filter data) 56 bits (7 bytes) 



For such CA messages, the table id vaiue may be set by the system operator at, for example, 0^80 
end 0x81 for ECM messages (for example, odd and even messages) and 0x82 to Ox8F for EMM 
20 messages. These values are not MPeG-2 proscribed and may be <^osen at the discretion of the 
system operator. 



EqusHy, in the case of the CA specific header field, hereby designated as the first 7 bytes of the 
payload following the header, the parameters may be set by the system operator to reflect, for 
25 example, the fact that the CA message is an EMM message carrying individuaf, group or audience 
subscription infomnation. In this manner the ""header of such a taWe or section is extended. 
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The advantages of such message syntax wfti become clear later, with regard to the processing and 
filtering of messages by the receiver/decoder, notably by using the Table id and CA specific field data. 
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Applications processed by the control unit 7» may be resident applications stored in the ROM or 
FU^SH of the decoder or epplications broadcast and do«n.naded via the MPEG interface 2 of the 
decoder. Applications can include program guide applications, games, interactive services, 
teleshopping appiications. as well as initiating applications to er^able the decode, to be immediate^ 
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operational upon start-up anO aoplicalions for configuring aspects of the decoder. Applications are 
stored in memory locations in the decoder and represented as resource files comprising graphic object 
descfiptioAs files, unit files, variables block files, instruction sequence files, applications files, data files 
etc. 
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Pilterinq of Conditional Access Data 



Figure 6 shows In schematic form the elemente necessary for processing packet end fable data in 
accordance with this embodiment of the invention. As will I* understood, the elements shown in this 
i 0 figure may be implemented in hardware, software or In combination of the wo. 

The broadcast transmission received from the satdlite receiver are passed via the oonventionaJ tuner 
70 and an associated demodulator unit 79. The tuner 70 typically scans a range Of ft-equendes. 
stopping When a cncsen earner frequency is detected within that range. The signals are then treated 
1 5 by the demodufator unit 79 which extracts and fonwards the transport packet stream to a demux and 
filter unit 80. The filter stn^cture of the demux and filter unit 80 will be described in detaH below in 
relation to Figure 7. As will be understood, the actual choice of components needed to implement 
such a unit is at the discretion of the manufacturer and the most important aspect of euch a unit is the 
chosen fjiter configuration. 



in the case of data encrypted In accordance with a conditional access system as per the present 
embodiment, the filter unit interacts with a smart card 30 (or any other secure device) inserted in the 
decoder 12 and a channel parameter application 81 , typically implemented as a software application in 
the decoder. 



The filter unit 80 extracts from the transport packet stream the PMT and CAT tables present in the 
stream. Referring back to Figure 3. this filtering operation is carried out at a PID level, the CAT table 
being identified by the PID value OxOi and the appropriate PMT table corresponding to the chosen 
broadcast channel being extracted via the PAT table (PID value: 0x00) and the PID value of the 
30 cfiosen channel identified in the PAT table. 
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The channei parameter application 81 addftipnally receives from ihe smart card 30 an identification of 
the conditional access system assodaied with that smart card. Again, referring back to Figure 3. a 
first conditional access system is associated wifri ECM and EMM data in the packets 45 and 4$, 
respectively. Using the conditional access system ID received from the smart card 30 and the PMT 
and CAT tables received from the filter unit 80, the application 81 determines the PID values of the 
conditional access packets associated with the conditional access system in question and returns 
these values to tiie filter unit 80. 
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In the case of a simplified system, where a relatively small number of ECM and EMMs are emitted, no 
other filtering may be necessary and these PiD values may be used by the filter unit 80 to extract all 
relevant ECM and EMM private sections from the identified packets and to thereafter ftonward the data 
contained within these sections to the smart card 30. 
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This conditional access data is then prwessed by the microprocessor within the sn»art card 30 and the 
control word associated with the transmission passed to a descrambllng unit 83. The descrambling 
unit 83 receives scrambled audiovisual or other data infomr»ation extracted from the transport packet 
stream by the demox and filter unit 80. descrambles the information using the control word and 
thereafter passes the data to a convention MP£G-2 chip which prepares the data for subsequent 
display on the assodaied television display. 

Ha^er. v^ilst a pio level filter enables an extraction of those ECM and EMM messages associated 
exclusively with the conditional access system in question, there may nevertheless be a large 
proportion of messages irrelevant to the user. These messages may include group EMM messages 
for other user groups, irtdividyal EMM messages for other users etc. The throughput of conditional 
access messages passed to the smart card may therefore be very high. Given the limitations of the 
processor power and memory of smart cards, this throughput may be m practice more than the card 
can handle. 



: 8171 838 8881 ^ BS/^S^SB IG'-ZB J^.i 

In order to overcome this problem, the smart card 30 is adapted to pa&s further filter data to the unit 80 
for use in a section or table level filter process. 



Referring to the Table ill above, tables containing condftional access data include TaWe id and CA 
5 specific header fields which are chosen to identify, for example, the presence of an EMM or ECM 
(fable id values 0x80 cr 0x81 and 0x82 to OxSF, respectively) arK3 the type of message (CA specfffc 
data identifying the group concerned by a group EMM message, the presence of an audience EMM 
message etc). Depending on the data that it requires, the smart card 30 will send the necessary tabFe 
id and CA spedfic data to configure the filter unci to extract and return only those conditional access 
1 0 mes^gee of fnterest to the smart card. In this way, the flow of data sent to the smart card may be 
reduced to conform with tiie processing capabffities of the smart card microprocessor. 

Referring to Figure 7. the details of the filtering unit 80 will be described. Typlcany, the unit may be 
implemented as a hardware resource^ driven by a firmware managing application with the 
1 5 receiver/decoder. As shown, a first set of iitters 85 cames out a PID filtering process using the CA 
PID information received from the channel parameter application. The PID filters 85 may equaJiy be 
configured to eietract other relevant packets such as the PMT, CAT tables sent to the channel 
parameter appfication. Other PID filters (not shown) may be used to extract the audiovisual PES 
packet infonmation eventually sent to the descrambler etc. 

20 

Once stripped of the packet header, the private section or tabie data is then routed to a set of prefilters 
86 adapted to fitter the 8 bytes in the extended header of a table. As shown in Table IJI, 1 byte of the 
extended header is associated with the table id, 7 bytes with me CA specific information. The filtering 
operation is carried out by comparison of the 8 byte pattern in a table with the filter data received from 

25 the smart card. Some bits within the 8 byte, 64 bit pattern may be masked or ignored in the 

evaluation, in this embodiment, 32 different patterns are proposed, a subset of these patterns being 
applied by the prefilters in dependence of the information received from the smart card, if one pattern 
matches, the section is sent to the FIFO buffer element 87. If no pattern matches, the section is 
ignored. The filters 86 equally act to extract from the appropriate sections the PMT and CAT table 

30 information, which is passed to a FIFO buffer 88. 
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Due to the characteHsUcs of ttio transport layer, the arrival of sections is bursty. TTte buffer capacity gf 
th^ buffers 87, 88 must be sufTidefil to handle an average rate of 5Mbits/s, wHh the insertion of 
packets being based on a regular allocation with a possible deviation of ± 25%. 

5 

In order to better understand the invention, a proposed eicampl© of operating instructions handled by 
\he section filters 86 win now be outlined. 

F/rter_a/Lsec<i6ns (FUterjd, Target, Mask, Trigger^condUons, p/n) 
10 This command retrieves every section nriatching the target except masked bfts after trigger_corKlitions 




occured. 



FSter_next_section (Fitior^ki, Target, Mssk, Tf^g&r^condfUons, p/n) 
This command retrieves the next section matehing the targel except masked bits after 
15 trigger_conditlons occured, Trigger^conditions are related to other filters previously identified as 
matching. 

Pilierjd is an index between 0 and 31 . pointing to a filter and an output queue. In addition, it gives ttie 
queueing priority, 0 l>ein9 the highest priority. 
20 Targef is an a bytes pattern. 

^ Mask is an 8 bytes pattern showing the bits to be masked In the target, value 0 means masked, 
TaggerjcondMons is a 32 bits bitmap, ORing fiHerJd triggering that filter. Bit set at 0 means no 
trigger condition. Self trigger condition is ignored. 

p/n fs a value, nonmally set to 1, positive for normal operation as described at)ove. When set to 0 Ii 
25 means negative filtering, i.e., retrieve sections not matching target. 

Examples of use: 

Example 1: 

30 Fttter_alLsections(5. Qx8C7C453AA8BBPF00. 0XFF557FFFEEFFFF00, 0, 1 ) 
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will capture all EMMs corresponcfing to matching aiteria. 



Example 2: 

Riter_next_section(o, oxsooooooooooooooo, oxFfoooooooooooooo, o, 1) 

5 Rlter_next.section(1 , 0x81 00000000000000, OxFFOOQOOOOOOOOOOO. S, 1 ) 
Filter_nextj5ection(2. 0x8000000000000000. OxFFOOOOOOOOOOOOOO, 3. 1) 
wBl start an ECM capture process with odd/even toggle. 



Example 3: 

Fiiter.next_section(8. OxPMT_TIDOOOOVersion_rvumberOOOOOOOO, OxFFOOOOlFOOOOOOOO, 0, 0) 
Filter_next_section(1, 0x8100000000000000, OXFFOOOOOOOOOOOOOO* 0x14, 1) 
FiUer_next_sectron(2, 0x8000000000000000, OxFFOOOOOOOOOOOOOO, 0x12, 1) 
will start an ECM capture process with odd/even toggle, starting when there is a change in the PMT. 

1 5 In terms of communication of CA messages and filter data to and from the smart card 82 and fater unit 
80^ a standard protocol such as IS0781 S may be used. Since not all of the data In the filtered private 
section is required by the srnart card 82, the section may be modified and a message of the following 
fonmat sent to the smart card: 



20 Table id 8 bits 

Zero 11 bits 

Filter id 5 bits 

CA spectftc header field 56 bits 

CA message N*8 bits 
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The meaning of each of these terms will be dear from the above description. In temns of the filter data 
sent from the smart card 82 to the filter 80, the folJowing (brmat may be used: 



Number of Alters 8 bits 

30 Filtering instruction 5 bits 
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FBter W 

Target 

Mask 

Trigger oorulifions 
p/n 



23 

5 bits 
64 bits 
64 bits 
5 bits 
1 bit 
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Number_ofjrtliBts describe* the number of filters to be set in this rnstrucfion. 
Fifte/ingjnstruction is describing the type of instruction {filter next section. Alter 3II secaons)^ 
Fitter Jd »s an index pointing to 3 filter and an output queue. In addition, it gh/es the queueing priority, 
10 0 beffig the highest priority. 
Tsrget is the target pattern. 
Mas/r is a pattern showing bits to be masked In the target, value 0 means masked. 
Triggerjx>nditions is a bitmap, ORing filter Jd triggering that filter. Bit set at 0 means no trigger 
condition. Self trigger condition is ignored, 
15 p/n Is a value, nonnaWy set to 1^ positive for normal operatton as described above. When set to 0 it 
means negative filtering, i.e., retrieve sections not matching target 



In practice, communications between the smart card and the receiver/decoder may be eubjectto a 
level of encryption or scrambling for security reasons, m particular, communications between the 
^20 smart card 82 and filter unit 80. as well as the control word stream $ent to the descrambler unit 83 

may be encoded in this way. Encryption algorithms suitable for this purpose are widely known (RSA, 
OES etc.)- 
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CLAIMS 

1. A decoder adapted to receive a transport packet stream oorttaimns? table, section or other 
5 packetised data encapsulated within the packet paykads and characterised tn that the decoder 

comprises a means fbr filtering o.e encapsulated data configurable in response to inter data received 
from a portable security module, 

2. A decoder as claimed in claim 1 in which the means for filtering encapsulated data Is configurable 
10 in response to filter data comprising at least a table ID or section ID value transmitted by the portable 

security module. 

3. A decoder as daimed in daiin 1 or 2 in which the means fbr filtering encapsulated data Is farther 
adapted to fon^ard to the security module conditional access data obtained in accordance with the 

1 5 filter data received fi'om the security module. 

4. A decoder as claimed in Claim 3 in which condiUonal access data forwarded to itie security module 
comprises entitlement control messages (ECMs) and/or entitlement management rr^essages (EMMs). 

20 S. A decoder as daimed in daim 3 or 4 in whfch filter data provided by the security module comprises 
data used by the filter means to extract group and/or individual entitlement management messages 
addressed to the security module. 

5. A decoder as daimed in any of daims 3 to 5 in which the decoder is adapted to receive a control 
25 word generated by the security module in response to the conditional access data fortvarded thereto, 

the control word being used by the decoder to descramble a scrambled transmission. 

7. A decoder as daimed in any preceding daim further comprising a means fbr filtering transport 
packet data configurable in response to data received from the security module. 

30 
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8. A decoder as claimed in daim 7. in which the means for filtering transport packet data is 
configurable in response to data representing the identity of the conditional access sjrstem received 
from the security module. 

9. A decoder as claimed in claim S in which the transport packet filtering means Is adapted to extract 
transport packets containing a program map taWe and a conditional access table, the decoder further 
comprising selectton means adapted to .^ive the program map table and conditional access table 
<^om the transport packet tittering means and conditional access identity data from the security module 
and thereafter configure the transport packet filtering means to extract transport packet data 
associated with the conditional access system in question. 

10. A decoder as claimed in any preceding daim adapted to process encrypt and/or decrypt 
communteations to and from the portable security module. 

11 . A security module fbr use with a decoder as claimed in any preceding claim and characterised in 
comprising a memory means for storing filter data subsequently communicated to the decoder to 
configure the means for filtering encapsulated data. 

12. A security module as claimed In claim 13 comprising a smart card. 

13. A method of p«>cessin9 a transport packet stream containing table, section or other packetised 
data encapsulated within the packet paytoads characterised by receiving the transport stream in a 
decoder and filtering the encapsulated data in response to fflter data received from a portable security 

module. 

14. A method of processing a transport packet stream as claimed in claim 13 further comprising 
generating encapsulated data including conditional access data and filtering at the decoder using the 
encapsulated data and in response to filter data supplied by the portable security module. 
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f^crrnnPR AND SECURrrv MODULE PQ R A DIGITAL TRANSMISSION SYSTEM 

A decoder 12 In particular for a digftaS television system and adapted to receive 5 transport packet 
stream containing table or section data encapsulated within the packet payloads. The decoder is 
Characterised in comprising a m^ns 80 for filtering table or section data conflgurabie in response to 
filter data received from a portable security module 30 such as a smart card. 

-me invention equally extends to a portable security module 30 including a memory holding such data 
as is necessary to configure the table or section filter 80. and a method for processing a transport 
packet stream including encapsulated table and section data using such a decoder 12 and security 
module 30. 

,n a preferred embodiment, the filter 80 is adapted to Alter out condWonal access messages in 
response to the table or sec«on fUter data received from the portable security module 30, these 
messages being thereafter ft>cv«rded to tne security module for processing. 



[Fig. 6] 
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